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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )^ Responsive to communication(s) filed on 1/15/2002 . 
2a)Q This action is FINAL. 2b)[>3 This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 
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4) ^| Claim(s) 1-34 is/are pending in the application. 
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5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-8 and 13-34 is/are rejected. 

7) Q Claim(s) is/are objected to. 

Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9)D The specification is objected to by the Examiner. 

10) n The drawing(s) filed on is/are: a)Q accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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2. Q Certified copies of the priority documents have been received in Application No. . 
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application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1. During a telephone conversation with Paul A. Mendonsa (Reg. No.42,879) on 
9/23/2004 a provisional election was made without traverse to prosecute the invention, 
claims 9-12. Affirmation of this election must be made by applicant in replying to this 
Office action. Claims 9-1 2 are withdrawn from further consideration by the examiner, 37 
CFR 1.142(b), as being drawn to a non-elected invention. 

2. Claims 1-8 and 13-34 are presented for examination. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 1-8 and 13-24 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Hericourt (hereafter Hericourt), U.S. pat. No.6,792,461 . " 

As to claim 1 , Hericourt discloses a communication switch comprising: 

at least one input for receiving messages, each message including, 

an address specifier and a port specifier (using IP datagram, see fig.5, col.10 line 
57 to col.1 1 line 13 and col. 15 line 46 to coU6 line 33). 

a traffic analyzer (traffic analyzer 513 fig.5) for comparing the port specifier of a first 
message against the port specifiers of previously received messages and an output for reporting a 
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result of the comparing (checking to see if the request HTTP located in cache, see col.1 1 lines 14-63 
and col. 12 lines 12-57). 

As to claims 2 and 3, Hericourt discloses a usage tracking system for throttling traffic through the 
communication switch and means for throttling traffic according to address specifier and port 
specifier in combination (using web traffic policing to process data messages, see col. 12 line 26 to 
col.13 line 27). 

As to claims 4 and 5, Hericourt discloses the usage tracking system includes means for throttling 
traffic according to a predetermined maximum aggregate bandwidth for the communication switch 
and reporting fraud over the output (using traffic analyzer to determine if IP datagram is originated 
from a source device or from a server, see col. 12 lines 20-58 and col. 14 lines 13-65). 

As to claim 6, Hericourt discloses the traffic analyzer is further for comparing the address 
specifier and port specifier combination of the first message against the address specifier and port 
specifier combinations of the previously seen messages (see col. 12 lines 20-58 and col. 14 lines 13- 
65). 

As to claim 7, Hericourt discloses that each message further includes, traffic type specifier; and 
the traffic analyzer is further for comparing the traffic type specifier of the first message against the 
traffic type specifiers of the previously received messages (see col. 12 lines 20-58 and 19 lines 13- 
64). 

As to claim 8, Hericourt discloses each message further includes a traffic type specifier and the 
traffic analyzer is further for comparing the address specifier, port specifier, and traffic type specifier 
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of the first message against the address specifier, port specifier, and traffic type specifier 
combinations of the previously received messages (see col. 12 lines 20-58 and col. 17 line 23 to 
col. 18 line 60). 

As to claim 13, Hericourt discloses a method comprising: 

receiving a message which includes an address:port identifier (using IP datagram, see 
fig.5, col. 10 line 57 to col. 11 line 13 and col. 15 line 46 to col. 16 line 33). 

comparing the address:port identifier against previously received messages 1 address:port 
identifiers (checking to see if the request HTTP located in cache, see col. 11 lines 14-63 and col. 12 
lines 12-57); and 

determining whether excessive traffic is originating from a source identified by the 
address:port identifier (see col. 13 lines 4-67). 

As to claims 14 and 15, Hericourt discloses throttling message traffic in response to 
determining that excessive traffic is originating from the source and throttling message traffic to 
and/or from that source (see col. 12 line 26 to col. 13 line 27). 

As to claim 16, Hericourt discloses comparing the type specifier against type specifiers of 
previously received messages from the same address:port as the message and determining 
whether the source is issuing messages of different types such as indicate fraud (using traffic 
analyzer to determine if IP datagram is originated from a source device or from a server, see col. 12 
lines 20-58 and col. 14 lines 13-65). 

As to claims 1 7 and 1 8, Hericourt discloses sending a fraud alert in response to determining 
that the source is issuing messages of different types such as indicate fraud and recording the 
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message for use in future comparisons against future messages (using web traffic policing extension 
table, see fig.6, col. 13 line 29 to col. 14 line 65). 

As to claim 19, Hericourt discloses receiving an indication of a maximum bandwidth and 
throttling message traffic in response to the indication of the maximum bandwidth (using traffic 
analyzer to determine if IP datagram is originated from a source device or from a server, see col. 12 
lines 20-58 and col. 14 lines 13-65). 

As to claim 20, Hericourt discloses a customer premises gateway for communicating with an 
ISP premises head-end server (web system 505 fig. 5), the customer premises gateway comprising: 

at least one first I/O (509 fig. 5) each for connecting to a communication device (501 fig.5) 
and a second I/O (proxy server 503's fig.5) for connecting to the ISP premises head-end server (505 
fig.5); and 

a traffic analyzer (513 fig.5) coupled to the at least one first 1/0 and the second I/O, 
including a port identifier comparator, a throttling mechanism, and a fraud reporter (checking to 
see if the request HTTP located in cache, see col.1 1 lines 14-63 and col. 12 lines 12-57). 

As to claims 21 and 22, Hericourt discloses a message type analyzer, comparing a first 
address:port combination of a message against a second address:port combination of a 
previously received message and responsive to the address:port comparison, determine 
whether excessive traffic is going to/from the first address:port combination (see col. 12 lines 
20-58 and col. 14 lines 13-65). 
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As to claim 23, Hericourt discloses throttling traffic to/from the first address:port 
combination and report fraud (see col. 12 lines 20-58 and col. 14 lines 13-65). 

As to claim 24, Hericourt discloses comparing a first type specifier of the message against 
a second type specifier of the previously received message and responsive to the type 
specifier comparison (see col. 12 lines 20-58 and col. 14 lines 13-65). 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of the 

claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the 

various claims was commonly owned at the time any inventions covered therein were 

made absent any evidence to the contrary. Applicant is advised of the obligation under 

37 CFR 1.56 to point out the inventor and invention dates of each claim that was not 

commonly owned at the time a later invention was made in order for the examiner to 

consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 

prior art under 35 U.S.C. 1 03(a). 

6. Claims 25-34 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hericourt in view of Sigaud (hereafter Sigaud), U.S. pat. No!6,657,956. 
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As to claims 25 and 26, Hericouifs teachings still applied as in item 4 above. Hericourt 
further discloses a router (509 fig. 5). Hericourt does not specifically disclose 
masquerading port information and reporting the masquerading. However, Sigaud 
discloses disclose masquerading port information in IP environment and report the 
masquerading (preventing a hacker from connecting at a given moment by 
masquerading as someone else at the terminal connected to the IP network, see fig.2, 
col.4 line 60 to col. 5 line 65). It would have been obvious to one of the ordinary skill in 
the art at the time the invention was made to incorporate Sigaud's teachings into the 
computer system of Hericourt to protect data information because it would have protected a 
stations' access to at least one server and provided selection access to the application 
requested from the server in a communications network. 

As to claim 27, Hericourt discloses a method for a communication switch to detect that a 
device connected to the communication switch is a router, comprising: 

receiving from the device a message including address and sub-address identifiers 
(using IP datagram, see fig. 5, col. 10 line 57 to col. 11 line 13 and col. 15 line 46 to col. 16 line 33). 

comparing the address and sub-address identifiers against one or more previously received 
messages (checking to see if the request HTTP located in cache, see col. 11 lines 14-63 and col. 12 
lines 12-57). 

Hericourt does not specifically disclose detecting that the device is performing masquerading. 
However, Sigaud discloses disclose detecting that the device is performing masquerading 
(preventing a hacker from connecting at a given moment by, masquerading as someone 
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else at the terminal connected to the IP network, see fig.2, col.4 line 60 to col.5 line 65). 
It would have been obvious to one of the ordinary skill in the art at the time the invention 
was made to incorporate Sigaud's teachings into the computer system of Hericourt to 
protect data information because it would have protected a stations' access to at least one 
server and provided selection access to the application requested from the server in a 
communications network. 

As to claims 28 and 29, Hericourt discloses observing a first message type indicator in the 
message and a different message type indicator in at least one of the previously received messages 
and recording the address and sub-address identifiers of the message, receiving a second message 
and comparing the second message's address and sub-address identifiers against the recorded 
address and sub-address identifiers (see col. 12 lines 20-58 and col. 14 lines 13-65). 

As to claim 30, Hericourt discloses the address identifier comprises an Internet Protocol 
address and the sub-address identifier comprises a port number (see col. 12 lines 20-58 and col. 14 
lines 13-65). 

As to claim 31 , Hericourt discloses sending a fraud alert to a server (see col. 12 lines 20-58 and 
col. 14 lines 13-65). Hericourt does not specifically disclose to detecting masquerading. 
However, Sigaud discloses disclose detecting masquerading (preventing a hacker from 
connecting at a given moment by masquerading as someone else at the terminal 
connected to the IP network, see fig.2, col.4 line 60 to col.5 line 65). It would have 
been obvious to one of the ordinary skill in the art at the time the invention was made to 
incorporate Sigaud's teachings into the computer system of Hericourt to protect data 
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information because it would have protected a stations' access to at least one server and 
provided selection access to the application requested from the server in a communications 
network. 

As to claims 32 and 33, Hericourt discloses throttling message transmission, comparing a 
message type identifier of the message against one or more previously received messages and 
detecting that the message type identifier of the message is different than a message type identifier 
of a previously received message having a same address identifier and a same sub-address 
identifier as the message (see col. 12 lines 20-58 and col. 14 lines 13-65). 

As to claim 34, Hericourt discloses the address identifier comprises an Internet Protocol 
address, the sub-address identifier comprises a port number and one of an HTTP specifier and 
an FTP specifier (see col. 12 lines 20-58 and col. 14 lines 13-65). 

Other prior art cited 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. McCreery et al, US pat. No.5,787,253. 

b. Macleod Beck etal, US pat. No.6,1 70,011. 

c. Bharali et al, US pat No.6,216,163. 

d. Procopioetal., U.S. pat. No.6,691,167. 
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Conclusion 



8. Claims 1-8 and 13-34 are rejected. 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Khanh Dinh whose telephone number is (703) 308- 
8528. The examiner can normally be reached on Monday through Friday from 8:00 A.m. 
to 5:00 P.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Zarni Maung, can be reached on (703) 308-6687. The fax phone number 
for this group is (703) 872-9306. 

A shortened statutory period for reply is set to expire THREE months from the 
mailing date of this communication. Failure to response within the period for response 
will cause the application to become abandoned (35 U. S. C . Sect 133). Extensions of 
time may be obtained under the provisions of 37 CFR 1. 136(A). 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the Group receptionist whose telephone number is 
(703) 305 -9600. 




Khanh Dinh 
Patent Examiner 
Art Unit 2151 
9/27/2004 



